Did I successfully remove malware?


compdolt

I turned on my computer today and a program popped up that said it was "scanning for viruses" and proceeded to "complete a scan" that found 34 "viruses" at which point the screen turned blue (with white 1's and 0's) with a message that said:

"all of your informantion is permanently stored on your hard drive! Download virus protection now."

Needless to say, I realized that my morning was not going to go as planned. I searched and found the 8-steps for removal, but not until after I scanned and removed some malware with Spybot Search & Destroy. In addition to the 8-steps I also ran Adaware. My computer seems to be running fine now, but I was hoping to have someone check the logs to make sure that I have killed it or if I need to do more.

Here are my logs-- I ran the DDS program a couple of times, but could only get one of the logs to pop up.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5296

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/11/2010 1:46:04 PM
mbam-log-2010-12-11 (13-46-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 232317
Time elapsed: 37 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-11 13:58:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: f1eip5ry.exe; Driver: C:\Users\Molly\AppData\Local\Temp\fgrdqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-12-05.01) - NTFSx86
Run by Molly at 13:59:36.21 on Sat 12/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1561 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Molly\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\molly\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\molly\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: download.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\molly\appdata\roaming\mozilla\firefox\profiles\dv939qz2.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t|http://global.acer.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\molly\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\molly\appdata\roaming\mozilla\firefox\profiles\dv939qz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-11 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-9 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-9 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-9 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-9 308136]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-6-15 117256]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-15 703008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2009-6-15 118784]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-6-15 237568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-11 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-15 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-6-15 50176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-24 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-11 19:08:00 -------- d-----w- c:\users\molly\appdata\roaming\Malwarebytes
2010-12-11 19:07:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 19:07:53 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-11 19:07:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 19:07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 15:46:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-11 15:46:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-11 15:42:48 -------- d-----w- c:\users\molly\appdata\local\Sunbelt Software
2010-12-11 15:42:25 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-11 15:41:50 -------- d-----w- c:\program files\Lavasoft
2010-12-11 15:12:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-11 15:12:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-11 13:14:40 -------- d-----w- c:\progra~2\bNgOb06301

==================== Find3M ====================

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 14:00:58.52 ===============



Thanks so Much!

~CD
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

The Attach.txt part of DDS is missing. Please post it.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks so much! I'll get started on the first step right away. I couldn't get the attach.txt part of the DDS to appear at all, only the part that I posted appeared. Did I run the program incorrectly?

Thanks!
 
Attach.txt file and MBRCheck

Sorry, ran DDS again and waited a while; the Attach.txt popped up after a few minutes. Thanks!


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2009 12:54:50 PM
System Uptime: 12/12/2010 7:10:47 AM (0 hours ago)

Motherboard: Acer | | Aspire 5810T
Processor: Genuine Intel(R) CPU U2700 @ 1.30GHz | CPU | 1200/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 216.806 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acer Assist
Acer Backup Manager
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer GridVista
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer VCM
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Amazon MP3 Downloader 1.0.10
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG Free 9.0
Backup Manager Basic
Brother HL-2040
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Launch Manager
MacGAMUT 2003
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Optical Drive Power Management
Picasa 3
PowerDVD
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 5810T
Logical Drives Mask: 0x00000004

Kernel Drivers (total 140):
0x8204A000 \SystemRoot\system32\ntkrnlpa.exe
0x82017000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80477000 \SystemRoot\system32\PSHED.dll
0x80488000 \SystemRoot\system32\BOOTVID.dll
0x80490000 \SystemRoot\system32\CLFS.SYS
0x804D1000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\System32\drivers\partmgr.sys
0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80724000 \SystemRoot\system32\drivers\volmgr.sys
0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x82609000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x826E4000 \SystemRoot\system32\drivers\atapi.sys
0x826EC000 \SystemRoot\system32\drivers\ataport.SYS
0x8270A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8273C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8274C000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8275B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89E0B000 \SystemRoot\system32\drivers\ndis.sys
0x89F16000 \SystemRoot\system32\drivers\msrpc.sys
0x89F41000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A00C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A11C000 \SystemRoot\system32\drivers\volsnap.sys
0x8A155000 \SystemRoot\System32\Drivers\spldr.sys
0x8A15D000 \SystemRoot\System32\Drivers\mup.sys
0x8A16C000 \SystemRoot\System32\drivers\ecache.sys
0x8A193000 \SystemRoot\system32\drivers\disk.sys
0x8A1A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A1C5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8DAE0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8DAEB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8DAF4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E400000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8ECFF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EDA0000 \SystemRoot\System32\drivers\watchdog.sys
0x8EDAC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EDB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8DB03000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DB12000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DB9F000 \SystemRoot\system32\DRIVERS\L1C60x86.sys
0x8DE04000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DEF4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DF07000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8DF11000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DF1C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8DF4D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DF4F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DF5A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DF76000 \SystemRoot\system32\Drivers\NTIDrvr.sys
0x8DF7E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DF87000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DFB6000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDF5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DBAF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBC6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DBD1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A1DB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A1EA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89F7C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x89F91000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DFF7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89FA1000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DBF4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89FCB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x80795000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89FD8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EE0A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F049000 \SystemRoot\system32\drivers\portcls.sys
0x8F076000 \SystemRoot\system32\drivers\drmk.sys
0x8F09B000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8F0BC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F0C5000 \SystemRoot\System32\Drivers\Null.SYS
0x8F0CC000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F0D3000 \SystemRoot\System32\drivers\vga.sys
0x8F0DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F100000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F108000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F110000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F11B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F129000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E00E000 \SystemRoot\System32\drivers\tcpip.sys
0x8E0F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8E113000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E129000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E13D000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8E177000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E1A9000 \SystemRoot\system32\drivers\afd.sys
0x8F132000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E1F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F148000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F15B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E000000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F197000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F1AE000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8F1B4000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8F1E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x827CC000 \SystemRoot\System32\Drivers\usbvideo.sys
0x807CA000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8DA00000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FA09000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x962C0000 \SystemRoot\System32\win32k.sys
0x8FAE4000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FAEE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x964E0000 \SystemRoot\System32\TSDDD.dll
0x96500000 \SystemRoot\System32\cdd.dll
0x8FAFD000 \SystemRoot\system32\drivers\luafv.sys
0x8FB18000 \SystemRoot\system32\DRIVERS\irda.sys
0x8FB36000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FB46000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FB70000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FB7A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8DA0D000 \SystemRoot\system32\drivers\spsys.sys
0x8FB8D000 \SystemRoot\system32\drivers\HTTP.sys
0x8DABD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x805B1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x89FE9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x805CA000 \SystemRoot\system32\drivers\mrxdav.sys
0xA9C0E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9C2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9C66000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9C7E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9CA6000 \SystemRoot\System32\DRIVERS\srv.sys
0xA9CF4000 \SystemRoot\system32\drivers\peauth.sys
0xA9DD2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA9DDC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA9DE8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xC3405000 \??\C:\Users\Molly\AppData\Local\Temp\fgrdqpod.sys
0xC341D000 \??\C:\Users\Molly\AppData\Local\Temp\mbr.sys
0xC3424000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77500000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
528 csrss.exe
572 C:\Windows\System32\wininit.exe
580 csrss.exe
592 C:\Program Files\AVG\AVG9\avgchsvx.exe
600 C:\Program Files\AVG\AVG9\avgrsx.exe
640 C:\Windows\System32\winlogon.exe
684 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
796 C:\Program Files\AVG\AVG9\avgcsrvx.exe
948 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\audiodg.exe
1504 C:\Windows\System32\SLsvc.exe
1528 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\svchost.exe
1860 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
2008 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\taskeng.exe
1264 C:\Windows\System32\dwm.exe
1592 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1644 C:\Program Files\Launch Manager\dsiwmis.exe
1672 C:\Windows\explorer.exe
1896 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
1904 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2156 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2204 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
2236 C:\Windows\System32\svchost.exe
2284 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2324 C:\Windows\System32\svchost.exe
2400 C:\Program Files\AVG\AVG9\avgnsx.exe
2428 C:\Windows\System32\svchost.exe
2504 C:\Windows\System32\SearchIndexer.exe
2636 C:\Program Files\AVG\AVG9\avgemc.exe
2716 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2900 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2976 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3208 unsecapp.exe
3216 WmiPrvSE.exe
3296 WmiPrvSE.exe
3616 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3624 C:\Windows\System32\igfxtray.exe
3632 C:\Windows\System32\hkcmd.exe
3640 C:\Windows\System32\igfxpers.exe
3648 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3664 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3896 C:\Windows\System32\taskeng.exe
3948 C:\Program Files\Launch Manager\LManager.exe
3960 C:\Windows\PLFSetI.exe
3968 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3996 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
4004 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
4032 C:\Program Files\AVG\AVG9\avgtray.exe
4040 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4048 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4092 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2196 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3460 C:\Windows\System32\igfxsrvc.exe
3876 C:\Windows\System32\wbem\unsecapp.exe
2736 C:\Windows\System32\igfxext.exe
3844 C:\Windows\System32\igfxsrvc.exe
2440 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
2080 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1232 C:\Windows\System32\igfxext.exe
3404 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
5812 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
5904 C:\Windows\System32\wuauclt.exe
4792 dllhost.exe
4536 dllhost.exe
5304 taskeng.exe
6116 C:\Users\Molly\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Here's Combofix!

ComboFix 10-12-11.06 - Molly 12/12/2010 13:45:10.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3001.1936 [GMT -6:00]
Running from: c:\users\Molly\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://ads1.msads.net
.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 19:51 . 2010-12-12 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 19:08 . 2010-12-11 19:08 -------- d-----w- c:\users\Molly\AppData\Roaming\Malwarebytes
2010-12-11 19:07 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 19:07 . 2010-12-11 19:07 -------- d-----w- c:\programdata\Malwarebytes
2010-12-11 19:07 . 2010-12-11 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 19:07 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 15:46 . 2010-12-11 15:46 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-11 15:46 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-11 15:46 . 2010-12-11 15:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-11 15:42 . 2010-12-11 15:42 -------- d-----w- c:\users\Molly\AppData\Local\Sunbelt Software
2010-12-11 15:42 . 2010-12-11 15:42 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-11 15:41 . 2010-12-11 15:46 -------- d-----w- c:\programdata\Lavasoft
2010-12-11 15:41 . 2010-12-11 15:41 -------- d-----w- c:\program files\Lavasoft
2010-12-11 15:12 . 2010-12-11 22:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-11 15:12 . 2010-12-11 15:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-11 13:14 . 2010-12-11 13:14 -------- d-----w- c:\programdata\bNgOb06301

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:50 . 2010-07-30 14:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 23:25 . 2010-09-10 23:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-24 68856]
"Google Update"="c:\users\Molly\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-26 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-02 249600]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-31 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-16 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-30 176128]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Molly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-15 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-10 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-16 703008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-02 54528]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-30 118784]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 03:31]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 03:31]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3715082811-1155734369-568315705-1000Core.job
- c:\users\Molly\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 13:23]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3715082811-1155734369-568315705-1000UA.job
- c:\users\Molly\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: download.com
FF - ProfilePath - c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\dv939qz2.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t|http://global.acer.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Molly\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Molly\AppData\Roaming\Mozilla\Firefox\Profiles\dv939qz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 13:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-12 13:55:25
ComboFix-quarantined-files.txt 2010-12-12 19:55

Pre-Run: 233,476,214,784 bytes free
Post-Run: 232,695,234,560 bytes free

- - End Of File - - 52020FC4F6288C7BD9D3C7EB43080DB7
 
We'll start with fixing your MBR:
Found non-standard or infected MBR.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press Ctrl+Alt+Del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Hello! Sorry for the delayed response. I have been trying to complete the mbr fix, but have been unsuccessful. I am not sure if I have set the boot order properly as the screen that showed up on my computer didn't match any of the ones on the website. Here's what it was like:

I pressed F2 to go to the startup screen, which had 5 main menus:

Info, Main, Security, Boot, and Exit.

The boot menu had the following options:

1. IDEO: WDC WD 3200BEVT-22zct0
2. IDE1:
3. CD/DVD: MATSHITADVD-RAM UJ862AS
4. USB FDD:
5. Network Boot: Atheros Boot Agent
6. USB Device:
7. USB: CD/DVD ROM
8. USB: CD/DVD ROM


I tried booting the computer with #3, #7, and #8 as the first boot priority, and got as far as selecting the language. After this point I got the following message each time:

"Can't open CD driver CDRCACH
SHSUCDX
Can't install, failure loading, unable to find CDR drive!
If you have multiple CD ROM drives please remove the other CD ROM discs and try again. Otherwise your disc may be corrupt or the CD ROM driver does not correctly support your system.
Please reboot your computer now."

I also burned a second cd and got the same result. :p

Thanks,
Molly
 
That happens...

We'll use a different method....

If you have Vista/7 DVD...

Start with step 2.

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
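
Added example, not part of the original posts and not MBRCheck's or the helper's own code: a check of the kind behind the "Unknown MBR code" verdict above and the re-check requested after `bootrec /FixMbr`. It parses a 512-byte image of sector 0, hashes the boot code and compares it with a known-good set; hashing the first 440 bytes, the function names and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # assumption: hash only the bootstrap code area
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Return boot-code SHA1, signature state and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": num_sectors})
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector, known_good_sha1):
    """List reasons the sector would be reported as non-standard (empty = OK)."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["code_sha1"] not in known_good_sha1:
        findings.append("boot code SHA1 %s not in known-good set" % info["code_sha1"])
    for part in info["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (part["index"], part["status"]))
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    return findings


def build_sample_sector(boot_code):
    """Constructed sector: given boot code plus one active NTFS (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_signature_area = b"\x00" * 6          # bytes 440-445
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 1000000)
    table = entry + b"\x00" * 48               # three unused slots
    return code + disk_signature_area + table + BOOT_SIGNATURE


# Constructed placeholders, not real Windows boot code.
CLEAN_CODE = b"CONSTRUCTED-REFERENCE-BOOT-CODE"
MODIFIED_CODE = b"CONSTRUCTED-MODIFIED-BOOT-CODE"
# In practice this set holds hashes taken from a trusted reference install.
KNOWN_GOOD = {parse_mbr(build_sample_sector(CLEAN_CODE))["code_sha1"]}

if __name__ == "__main__":
    for label, code in (("reference", CLEAN_CODE), ("modified", MODIFIED_CODE)):
        findings = check_mbr(build_sample_sector(code), KNOWN_GOOD)
        print(label, "->", findings or "standard MBR code")
```

Take the sector image from an offline boot environment where possible, since code running from a modified MBR can filter reads of sector 0 on the live system. The known-good hashes would come from a trusted reference install of the same Windows version.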
 
Sorry I have been a bit out of touch. I tried to download the recovery file, but foolishly burned the wrong windows (64 bit instead of 32 bit) on my very last cd-- and then went on a short trip and haven't been able to work on this problem. I hope to get some more discs today, but I may not be able to.

Thanks!

Molly
 